Privacy Policy

Privacy Policy of
last update: 25 May 2018

This Privacy Policy (further: “Policy”) specifies the methods of collecting and processing personal data of users who take advantage of the services provided electronically through the website (further: “Services”) and the rights vested in users whose personal data are processed.

The personal data controller is the company CD PROJEKT S.A., with its registered office at ul. 74, 03-301 Warszawa (further: “Controller” or “Company”). Personal data protection matters should be dealt with by sending electronic mail to the address or a letter by conventional post to the Company’s address given above.

The Controller has appointed a Data Protection Officer (further: “DPO”), who is responsible for supervising and implementing a personal data protection strategy and ensures compliance of the Company’s operations with the applicable law and the adopted internal policy. The DPO appointed by the Company can be contacted at:


Any personal data are processed by the Controller in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (further: “GDPR”).

The Controller does not intentionally collect personal data of children aged below 16, without the consent of the child’s parent or guardian. In the case of doubt, parents and guardians are asked to contact the Company at


Users’ personal data are processed by the Controller for the following purposes:

  • to provide services of which the user is taking advantage (i.e. in order to perform the contract between the user and the Controller) – this refers to keeping the user account on the investor forum available at (further: “Forum”),
  • to provide services for which the user has agreed* – this refers to sending the Controller’s investor newsletters (further: “Newsletter”).

* User’s consent can be withdrawn at any time, which will be tantamount to ceasing the provision of services that are performed based on it.


Where the service of keeping an account on the Forum is provided, personal data in the following categories must be collected:

  1. e-mail address,

Failure to indicate the aforesaid data will prevent provision of the services to the user.

As part of the service of keeping a Forum account, while completing his/her profile, the user may voluntarily and discretionarily provide data in the following categories:

  1. first name and surname,
  2. contact details – website,
  3. user’s note about himself/herself,
  4. profile photograph (avatar),
  5. signature used on the Forum.

Failure to indicate the aforesaid data will not cause any adverse consequences for the user, as such data are not obligatory.

In addition, the Controller can process data generated automatically by the user’s activity on the Forum: subscribed threads, favourite topics, and created posts.

As part of the Newsletter sending service, personal data in the following categories are collected: e-mail address. Failure to indicate an e-mail will prevent provision of the service to the user.


The Controller also processes user information by way of cookies. In order to obtain full details on this, please read the Cookie Policy made available at: The Cookies Policy constitutes an integral part of this Privacy Policy.


Data collected by the Controller are stored within the EEA on Company servers or on secure servers of Trusted Partners described below. The Controller is responsible for implementing appropriate technical and organisational measures in order to protect personal data against being illegally processed, lost, damaged, or destroyed. The Controller ensures that personal data are processed safely and in accordance with this Privacy Policy. Personal data are not made available to countries from outside the EEA.


Users’ personal data are processed as long as needed to achieve the purposes specified in this Policy. In certain extraordinary situations, longer retention periods may be required under the law.

Where users’ personal data do not have to be processed any more to provide the services indicated above, the Controller will be obliged to erase or anonymise them. In particular:

  1. data associated with a specific service will be processed for the duration of the contract for accessing this service (Forum), and subsequently for a period determined by legal requirements (e.g. where a potential risk arises of claims being brought against the Company – the retention period may be up to 10 years from the claim being made enforceable /limitation period/ or throughout the period of judicial proceedings plus the judgment enforceability period) or for settlement purposes,
  2. data collected based on the user’s consent (Newsletter) will be processed for a period for which the consent was given, however no longer than required by the processing purpose, and subsequently for a period determined by legal or settlement purposes,
  3. in the case of a contact with the Controller, user’s data, including correspondence with the user, will be processed for as long as needed to provide assistance, and subsequently for a period determined by legal or settlement purposes.


The Controller is not liable for usage by other users or third parties of any personal data made publicly available by the users themselves through the service.


Personal data may be made available to the Controller’s Trusted Partners that help provide services to users (e.g. distribution of the Newsletter). The Controller ensures that only minimum information is provided to the partners in order to attain the objectives for which the co-operation was entered into. Trusted Partners may have potential or actual access to restricted user data and may process them on the Controller’s behalf. Personal data covered by this Privacy Policy are made available to the following Trusted Partners that may process them on the Controller’s behalf only for the purposes specified below:

  • partners responsible for hosting and maintaining the Forum,
  • partners providing the Controller with tools for internal management of data and for sharing them,
  • partners assisting in data analysis by way of providing analytical tools,
  • partners assisting in managing the Controller’s Newsletter and electronic communications by way of providing appropriate tools.


Under the applicable law, the following rights are vested in individuals whose data are processed:

  • right to access the user’s personal data being processed by the Controller,
  • right to request that the user’s personal data be deleted from the Controller’s database,
  • right to request that the user’s personal data be rectified/corrected in justified cases,
  • right to request that the processing of the user’s personal data be restricted,
  • right to have the user’s personal data transferred to another entity,
  • right to lodge a complaint with an appropriate data protection authority.

In order to exercise the aforesaid rights, please contact the Company at:

In the case of any questions or doubts about personal data protection, please contact the Controller at: or the Data Protection Officer at:

In order to lodge a complaint with an appropriate personal data protection authority , the user may report to a local personal data protection authority or the President of the Personal Data Protection Authority (PUODO) in Poland.


This Privacy Policy can be amended at any time, in particular in order to reflect changes made in the services provided by the Controller or amendments to the applicable law.

In order to obtain full details about electronically provided services, please read the Rules made available at: